Information processing apparatus and control method therefor

ABSTRACT

Print job data is generated in accordance with a printing instruction from an application. When encryption of the print job data is designated, the generated print job data is encrypted, and the generated or encrypted print job data is output. When a printing apparatus serving as an output destination to which the encrypted print job data is output does not have a decryption function of decrypting the encrypted print job data, the output destination is changed to a decryption apparatus having the decryption function. When designation to save the print job data in the printing apparatus is detected in encryption, the print job is canceled.

CLAIM OF PRIORITY

This application claims priority from Japanese Patent Application No. 2005-171664 filed on Jun. 10, 2005, which is hereby incorporated by reference herein.

FIELD OF THE INVENTION

The present invention relates to a technique of encrypting and outputting print job data.

BACKGROUND OF THE INVENTION

Recently, printing systems are becoming popular in which client PCs (Personal Computers) are connected to a printing apparatus via a network and share the printing apparatus. When the users of the client PCs use the printing apparatus in this printing system, the users often stay away from the printing apparatus at the start of printing, and printed materials may attract the eye of a third party, losing confidentiality.

Under such a circumstance, there is proposed a printing system which takes a measure to protect a printed material from the eye of a third party (see, e.g., prior art reference 1: Japanese Patent Laid-Open No. 11-212744). In prior art reference 1, at the start of printing, the user inputs, e.g., a personal identification number or password into a client PC, and the client PC issues a print job with the personal identification number or password to a printing apparatus. Upon reception of the print job with the personal identification number or password, the printing apparatus temporarily stores it in a storage such as a memory or hard disk in the printing apparatus. The user comes to the printing apparatus and inputs his personal identification number or password from the panel of the main body, and then the printing apparatus starts printing.

Printing starts while the user is in front of the printing apparatus, and his printed material can be protected from the eye of a third party.

In order to start printing while the user is in front of the printing apparatus, a target print job must be specified. In general, a method of selecting a desired job by the user from a job list displayed on the screen of the printing apparatus, inputting his password, and then starting printing is adopted. In order to improve user's convenience, there is also proposed a method using an ID card instead of prompting the user to select a job or input his password (see, e.g., prior art reference 2: Japanese Patent Laid-Open No. 11-150559).

In prior art reference 2, ID information registered in an ID card is used as a personal identification number or password. When the ID card is inserted into a printing apparatus, the printing apparatus reads out the ID information, finds out a job which coincides with the readout ID information, and starts printing.

However, a printed material may be illicitly acquired by monitoring print jobs flowing through a network, copying a print job, and separately transmitting the copied print job to a printing apparatus. A printed material may also be illicitly acquired by copying data itself stored in a printing apparatus and separately transmitting the data to a printing apparatus.

To prevent this, there is proposed a system which encrypts print jobs flowing through a network and jobs stored in a printing apparatus (see, e.g., prior art reference 3: Japanese Patent Laid-Open No. 09-134264).

When a new printing system which encrypts data between a client PC and a printer is to be built, the client and printer environments are also renewed. To the contrary, to introduce an encryption printing function into a constructed printing environment, the encryption function must be provided to a print data generation unit having no encryption function so as to expand the existing printing environment, and the decryption function must be provided to a printing apparatus having no decryption function. The encryption printing system cannot be provided without greatly changing a conventional system configuration.

SUMMARY OF THE INVENTION

The present invention has been made to overcome the conventional drawbacks, and has as its object to add an encryption function of encrypting print information without greatly changing an existing printing environment.

In order to achieve the above object, according to one aspect of the present invention, there is provided an information processing apparatus which encrypts and outputs print job data, comprising:

generation means for generating print job data in accordance with a printing instruction from an application;

encryption means for encrypting the print job data generated by the generation means when encryption of the print job data is designated;

output means for outputting the print job data generated by the generation means or the print job data encrypted by the encryption means; and

change means for, when a printing apparatus serving as an output destination to which the encrypted print job data is output does not have a decryption function of decrypting the encrypted print job data, changing the output destination to a decryption apparatus having the decryption function.

According to another aspect of the present invention, there is provided an information processing apparatus which encrypts and outputs print job data, comprising:

generation means for generating print job data in accordance with a printing instruction from an application;

encryption means for encrypting the print job data generated by the generation means when encryption of the print job data is designated; and

cancellation means for canceling a print job when designation to save the print job data in a printing apparatus is detected by the encryption means.

According to still another aspect of the present invention, there is provided a method of controlling an information processing apparatus which encrypts and outputs print job data, comprising:

a generation step of generating print job data in accordance with a printing instruction from an application;

an encryption step of encrypting the print job data generated in the generation step when encryption of the print job data is designated;

an output step of outputting the print job data generated in the generation step or the print job data encrypted in the encryption step; and

a change step of, when a printing apparatus serving as an output destination to which the encrypted print job data is output does not have a decryption function of decrypting the encrypted print job data, changing the output destination to a decryption apparatus having the decryption function.

According to still another aspect of the present invention, there is provided a method of controlling an information processing apparatus which encrypts and outputs print job data, comprising:

a generation step of generating print job data in accordance with a printing instruction from an application;

an encryption step of encrypting the print job data generated in the generation step when encryption of the print job data is designated; and

a cancellation step of canceling a print job when designation to save the print job data in a printing apparatus is detected in the encryption step.

Other features and advantages of the present invention will be apparent from the following description taken in conjunction with the accompanying drawings, in which like reference characters designate the same or similar parts throughout the figures thereof.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing an example of the configuration of a printing system according to the first embodiment;

FIG. 2 is a block diagram showing an example of the configuration of a printing system which does not encrypt print data;

FIG. 3 is a block diagram showing an example of the configuration of a printing system in a typical encryption printing environment;

FIG. 4 is a block diagram showing the flow of print data in the printing system shown in FIG. 1;

FIG. 5 is a block diagram showing the flow of print data in a printing system similar to FIG. 4;

FIG. 6 is a block diagram showing an example of the configuration of a printing system using a printer server;

FIG. 7 is a block diagram showing another example of the configuration of the printing system using the printer server;

FIG. 8 is a block diagram showing an example of the configuration of an encryption plug-in in the printing system;

FIG. 9 is a view showing an example of the data structure of an encrypted job in the printing system;

FIG. 10 is a flowchart showing processing of installing an encryption plug-in module;

FIG. 11 is a flowchart showing processing of a printer driver 103 in the printing system;

FIG. 12 is a flowchart showing details of plug-in UI processing (S1102 in FIG. 11);

FIG. 13 is a flowchart showing details of plug-in encryption processing (S1105 in FIG. 11);

FIG. 14 is a view showing an example of the configuration of a printing system according to the second embodiment;

FIG. 15 is a schematic block diagram showing an example of the configuration of a multifunction peripheral shown in FIG. 14;

FIG. 16 is a schematic block diagram showing an example of the configuration of a client computer shown in FIG. 14;

FIG. 17 is a flowchart showing a series of processing procedures in the client computer;

FIG. 18 is a flowchart showing a series of processing procedures in a printing apparatus;

FIG. 19 is a flowchart showing details of processing (S1703 in FIG. 17) of automatically adding an administrator's public key;

FIG. 20 is a view showing an example of the user interface of a printer driver which enables encryption printing; and

FIG. 21 is a view showing an example of the user interface of a tool for generating an install set capable of installing a printer driver with an administrator's public key.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

[First Embodiment]

FIG. 1 is a block diagram showing an example of the configuration of a printing system according to the first embodiment. In the printing system, at least one client PC 100, decryption box 101, and printer 102 are connected to each other via a network 107.

In the first embodiment, the hardware configurations of the client PC 100, decryption box 101, and printer 102 suffice to be general ones, and a description thereof will be omitted. The software configuration will be explained in detail.

In the client PC 100, application software 105 has a role of generating, editing, or processing data, and when the user designates the start of printing, transferring data to be printed to a printer driver 103. The printer driver 103 is installed in each printer connected to the network 107, receives print data sent from the application software 105 via an interface provided by the OS (Operating System), and generates print job data interpretable by a corresponding printer.

The printer driver 103 is formed from a driver UI 131 for making print settings, a print data generation unit 132 which receives print data from the application software 105 and generates print job data for a printer, a plug-in control unit 133 which provides a function-expandable interface for the printer driver 103, and a spool unit 134 which temporarily spools print job data generated by the print data generation unit 132 or print job data processed by a plug-in via the plug-in control unit 133.

The plug-in control unit 133 provides an interface capable of adding a user interface, and an interface for access to print job data generated by the print data generation unit 132.

The client PC 100 also comprises an encryption plug-in 104 which is controlled by the plug-in control unit 133 and encrypts print data. The encryption plug-in 104 is formed from a plug-in UI 141 for setting whether or not to encrypt print data and inputting settings of the encryption plug-in function, a print data analysis unit 142 which analyzes print job data generated by the print data generation unit 132, specifies print data, and determines whether the print job complies with encryption printing, and an encryption engine unit 143 which encrypts print data that is analyzed and extracted by the print data analysis unit 142. The encryption plug-in 104 also detects whether encryption of print job data has been designated.

When save of print data in the printer 102 is designated, the print data analysis unit 142 determines that the print job is incompatible. Encryption of print data by the encryption engine unit 143 will be described in detail later.

Print data encrypted by the encryption plug-in 104 is returned to the printer driver 103 via the plug-in control unit 133.

The client PC 100 also comprises a data transmission/reception unit 106. The data transmission/reception unit 106 exchanges data with the decryption box 101 and the printer 102 via the network 107.

The decryption box 101 receives print job data containing encrypted print data from the client PC 100 connected via the network 107, decrypts the print data, and transmits the decrypted print job data to the printer 102. The decryption box 101 is formed from a data transmission/reception unit 111 which exchanges data with the client PC 100 and printer 102 (to be described later) that are connected via the network 107, an operation unit 112 for inputting a password or the like in decrypting encrypted data, a print data analysis unit 113 which analyzes print job data that is received from the data transmission/reception unit 111 and contains encrypted print data, and extracts the encrypted print data, and a decryption engine unit 114 which decrypts the encrypted print data.

Print data decrypted by the decryption engine unit 114 is transmitted to the printer 102 via the data transmission/reception unit 111 and network 107.

The printer 102 performs print processing or sends back the printing status as a response in accordance with an instruction from the connected client PC 100 via the decryption box 101. The printer 102 is formed from a data transmission/reception unit 121 which exchanges data with the client PC 100 and decryption box 101 that are connected via the network 107, an operation unit 122 for making print settings, a printing apparatus control unit 123 which analyzes print job data received via the data transmission/reception unit 121 and generates a print page, and an output unit 124 which prints out a print page generated by the printing apparatus control unit 123.

The flow of encrypted print data in encrypting, by the encryption plug-in 104, print data to be transferred from the printer driver 103 of the client PC 100 to the printer 102, and outputting the encrypted print data to a decryption-incompatible printer 102 will be explained in comparison with the flow of conventional unencrypted print data.

FIG. 2 is a block diagram showing an example of the configuration of a printing system which does not encrypt print data. As shown in FIG. 2, the printing system comprises a printer driver 201 and conventional printer 202. PDL (Page Description Language) data generated by the printer driver 201 is transferred as a plain text via a network 210.

FIG. 3 is a block diagram showing an example of the configuration of a printing system in a typical encryption printing environment. As shown in FIG. 3, an encryption plug-in 303 provides a printer driver 301 with a function of encrypting PDL data. The printer driver 301 is connected to a printer 302 having a decryption function, and encrypted PDL data is transferred via a network 310.

FIG. 4 is a block diagram showing the flow of print data in the printing system shown in FIG. 1. In this example, encryption printing is done using a (decryption-incompatible) printer 402 having no decryption function. In an environment where a printer driver 401 and the printer 402 are connected, an encryption plug-in 403 provides the printer driver 401 with a function of encrypting PDL data, and a decryption box 404 having a decryption function is interposed between the printer driver 401 and the printer 402. The data destination of the printer driver 401 is changed from the printer 402 to the decryption box 404, and encrypted print data is transmitted.

The decryption box 404 decrypts print job data containing received/encrypted print data, and transmits the resultant print job data as print job data of a plain text to the printer 402. In the example shown in FIG. 4, the printer 402 does not support SSL encryption communication. The decryption box 404 and printer 402 are connected by a local interface such as a USB to protect print data from eavesdropping.

FIG. 5 is a block diagram showing the flow of print data in a printing system similar to FIG. 4. In the example shown in FIG. 5, a printer 502 supports SSL encryption communication. Encrypted print job data is communicated between a decryption box 504 and the printer 502 by SSL communication using a network.

The configuration of a printing system when print job data containing encrypted print data is transferred to a decryption-compatible printer will be explained.

FIGS. 6 and 7 are block diagrams showing examples of the configuration of a printing system using a printer server. In the example shown in FIG. 6, a printer driver 601 of a client PC generates encrypted PDL data, and transmits print job data to a print server 610. The print server 610 transfers the print job data to a printer 602 having a decryption function or to the printer via a decryption box, thereby realizing encryption printing.

In the example shown in FIG. 7, print processing on the client PC side selects a printing method using spooling in an abstracted meta file format (e.g., for Windows®, an EMF file). In this case, print data of the meta file format is transferred to a print server 710, and encrypted by an encryption plug-in 713 in the print server 710. That is, information corresponding to print data of a plain text is undesirably exchanged between a printer driver 701 of the client PC and the print server 710.

To solve this problem, according to the first embodiment, the printing method is forcibly switched to a method which does not perform meta file spooling even when a printing method using spooling in an abstracted meta file format is selected in print processing on the client PC side.

FIG. 8 is a block diagram showing an example of the configuration of an encryption plug-in in the printing system. In FIG. 8, an encryption plug-in 803 executes internal processing of encrypting print job data generated by a printer driver 801. For this purpose, a print data analysis unit analyzes print job data, and an incompatible job determination unit 812 determines whether the print job is properly subjected to encryption printing. For example, when print job data designates save of print data in the printer, the print job is determined not to be proper, and the print job is canceled.

This prevents leakage of data after decrypting encrypted data because data is saved in a printer 802 without any encryption in print data save processing. When the print job is proper as a result of analyzing print job data, not the job attribute but only the print data body is extracted, and encrypted by a data encryption unit 814. An encryption ID assignment unit 813 assigns the encrypted data an identifier (ID) representing that the data has been encrypted. After that, when encrypted print job data is decrypted by the decryption box or decryption-compatible printer 802, decryption processing is performed by referring to the identifier representing that data has been encrypted.

FIG. 9 is a view showing an example of the data structure of an encrypted job in the printing system. Left data shown in FIG. 9 is print job data representing an unencrypted state. Print job data is sandwiched between a job header information field and a job footer information field, and is made up of combinations each of attribute data, an identifier representing an unencrypted state, and PDL data of a plain text.

When a PDL data field is specified in analysis processing by the print data analysis unit 142 of the encryption plug-in 104, the encryption engine unit 143 encrypts PDL data. Right data shown in FIG. 9 represents that PDL data is replaced with encrypted PDL data and an identifier representing that the PDL data has been encrypted is added.

Processing of installing the encryption plug-in 104 (encryption plug-in module) in the client PC 100 shown in FIG. 1 will be explained.

FIG. 10 is a flowchart showing processing of installing an encryption plug-in module. The client PC 100 starts installation processing, and the flow advances to step S1001. Installed printer drivers are searched for, it is determined whether the encryption plug-in module can be installed, and installable printer drivers are displayed in the user interface window. Whether a searched printer driver supports the encryption plug-in module is determined by whether the printer driver has the plug-in control unit 133 shown in FIG. 1. If a printer driver supports the encryption plug-in module, the printer driver is displayed in the user interface window.

In step S1002, the user is prompted to select one of printer drivers to be installed from the user interface window. In step S1003, the encryption plug-in module is installed in correspondence with the selected printer driver. Note that the encryption plug-in module is acquired by loading it from a CD-ROM or DVD, or downloading it from a predetermined distribution site via the network 107.

In step S1004, the output destination setting of a printer in the printer driver in which the encryption plug-in module is installed is correctly reset. If the printer supports decryption (see FIG. 3), the output destination is not changed. If the printer does not support decryption (FIGS. 4 and 5), the output destination is reset to the decryption box 101 (404 or 504) connected between the printer driver and the printer. Thereafter, installation processing ends.

FIG. 11 is a flowchart showing processing of the printer driver 103 in the printing system. The application software 105 designates the start of printing, and requests the print data generation unit 132 of the printer driver 103 to generate a print job. The flow advances to step S1101, and the plug-in control unit 133 determines whether the encryption plug-in 104 has already been installed. If YES in step S1101, the flow advances to step S1102, and the plug-in UI 141 of the encryption plug-in 104 is invoked to execute plug-in UI processing. If NO in step S1101, the flow advances to step S1103.

Plug-in UI processing in step S1102 will be described in detail later with reference to FIG. 12.

In step S1103, the print data generation unit 132 receives print data from the application software 105 via the interface of the OS, and generates print job data interpretable by the printer 102 from the print data. In step S1104, it is determined whether the encryption plug-in 104 has been installed. If YES in step S1104, the flow advances to step S1105, and the print data analysis unit 142 and encryption engine unit 143 of the encryption plug-in 104 are invoked to execute plug-in encryption processing. If NO in step S1104, the flow advances to step S1106.

Plug-in encryption processing in step S1105 will be described in detail later with reference to FIG. 13.

In step S1106, it is determined whether a print job has normally been created. If YES in step S1106, the flow advances to step S1107 to transmit the print job data to a set output destination. If NO in step S1106, the flow advances to step S1108 to perform job cancellation processing.

Print job data generation processing by the printer driver 103 according to the first embodiment has been described.

FIG. 12 is a flowchart showing details of plug-in UI processing (S1102 in FIG. 11). When the plug-in control unit 133 of the printer driver 103 invokes the plug-in UI 141 of the encryption plug-in 104, the flow advances to step S1201 to display a user interface window for setting whether or not to encrypt print data and prompt the user to make a setting. In step S1202, meta file spool processing by the printer driver 103 is set OFF, and the flow returns to an invoking routine.

FIG. 13 is a flowchart showing details of plug-in encryption processing (S1105 in FIG. 11). When the print data analysis unit 142 and encryption engine unit 143 are invoked, similar to the UI 141 of the encryption plug-in 104, the flow advances to step S1301, and the print data analysis unit 142 analyzes print job data generated by the printer driver 103. In step S1302, it is determined whether the print job is incompatible with encryption printing. In the first embodiment, data representing save of print data in the printer 102 is determined to be incompatible with encryption printing.

If the job is determined in step S1302 not to be incompatible, the flow advances to step S1303 to extract print data from the print job. The print job generally contains a control code and the like which do not influence a print result, and such data is not encrypted in the first embodiment.

The encryption engine unit 143 encrypts the extracted print data in step S1304, and adds in step S1305 an identifier representing that the print data has been encrypted. In step S1306, the flow returns to an invoking routine in response to a return value representing normal end.

A method of encrypting print data may be a known encryption method such as a common key method or public key method, and a description thereof will be omitted.

If the job is determined in step S1302 to be incompatible, the flow advances to step S1307 to present an error display. In step S1308, the flow returns to an invoking routine in response to a return value representing an error end.
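The FIG. 9 job structure and the FIG. 13 flow (S1301 to S1308), together with the identifier-driven decryption side, sketched as an added example that is not taken from the patent. The in-memory job layout, the identifier values, the `save_in_printer` attribute name, and the HMAC-based stand-in cipher are all assumptions made so the sketch runs on the Python standard library.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace
from typing import List

# Constructed identifiers: the page only says an identifier marks encrypted data.
ID_PLAIN = b"PLN0"
ID_ENCRYPTED = b"ENC1"


class IncompatibleJobError(Exception):
    """Job is incompatible with encryption printing and must be cancelled."""


@dataclass(frozen=True)
class Segment:
    attributes: dict   # job attributes: always left in the clear
    identifier: bytes  # ID_PLAIN or ID_ENCRYPTED
    pdl: bytes         # PDL body, or nonce || ciphertext || tag once sealed


@dataclass(frozen=True)
class PrintJob:
    header: bytes
    segments: List[Segment]
    footer: bytes


def subkey(key: bytes, label: bytes) -> bytes:
    # Separate keys for encryption and authentication, derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode), an assumption used
    # only to stay within the standard library; use a vetted AEAD in practice.
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted PDL body failed integrity check")
    stream = keystream(subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def encrypt_job(job: PrintJob, key: bytes) -> PrintJob:
    # S1301/S1302: analyze the job; a save-in-printer designation would leave
    # decrypted data stored on the device, so the job is rejected (S1307/S1308).
    if any(seg.attributes.get("save_in_printer") for seg in job.segments):
        raise IncompatibleJobError("job designates saving print data in the printer")
    # S1303-S1305: encrypt only the PDL body, then mark it with the identifier.
    sealed = [replace(seg, identifier=ID_ENCRYPTED, pdl=seal(key, seg.pdl))
              if seg.identifier == ID_PLAIN else seg
              for seg in job.segments]
    return replace(job, segments=sealed)


def decrypt_job(job: PrintJob, key: bytes) -> PrintJob:
    # Decryption box or decryption-capable printer: act only on marked segments.
    opened = [replace(seg, identifier=ID_PLAIN, pdl=unseal(key, seg.pdl))
              if seg.identifier == ID_ENCRYPTED else seg
              for seg in job.segments]
    return replace(job, segments=opened)


def sample_job(save_in_printer: bool = False) -> PrintJob:
    # Constructed sample data, not a real PDL stream.
    return PrintJob(
        header=b"JOB-HEADER",
        segments=[
            Segment({"copies": 2, "save_in_printer": save_in_printer},
                    ID_PLAIN, b"%!PS constructed page one"),
            Segment({"duplex": True}, ID_PLAIN, b"%!PS constructed page two"),
        ],
        footer=b"JOB-FOOTER",
    )


if __name__ == "__main__":
    key = os.urandom(32)
    protected = encrypt_job(sample_job(), key)
    print([seg.identifier for seg in protected.segments])
    print(decrypt_job(protected, key) == sample_job())
```

Because the attributes, header, and footer stay in the clear, a printer or print server that only routes on job attributes can handle the job without holding the key.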

As described above, according to the first embodiment, the encryption function of encrypting print information can be added by installing an encryption plug-in module without greatly changing an existing printing environment.

[Second Embodiment]

The second embodiment according to the present invention will be described in detail below with reference to the accompanying drawings.

Recently, IC cards have prevailed, and there is also proposed a mechanism in which processing of simplifying input of a personal identification number or password by using an ID card is realized using an IC card.

As the performance of IC cards improves, the above-described encryption itself can be achieved by the IC card. There is also proposed a more secure method which basically inhibits decryption in the absence of an IC card used for encryption.

In confidential printing using a conventional IC card, decryption is generally permitted for only an IC card used for encryption. When the user loses his IC card, he cannot print. Furthermore, when the administrator is to audit a printed material, he cannot audit it because data cannot be decrypted.

A purpose of the second embodiment is to allow decrypting a print job even with an administrator's IC card in addition to a user's IC card.

FIG. 14 is a view showing an example of the configuration of a printing system according to the second embodiment. In FIG. 14, reference numeral 1400 denotes a communication network which supports, e.g., a TCP/IP protocol. Reference numerals 1410 and 1420 denote information processing apparatuses which are client computers used by general users. Reference numeral 1430 denotes an information processing apparatus which is a management server computer. Reference numeral 1440 denotes an image forming apparatus which is a multifunction peripheral having a plurality of functions.

In this configuration, an electronic document created by an application in, e.g., the client computer 1410 is encrypted with a connected IC card, and transmitted to the multifunction peripheral 1440.

Immediately after receiving the encrypted print data, the multifunction peripheral 1440 does not print, and temporarily saves the encrypted print data. When the user comes to the multifunction peripheral 1440 and sets his IC card, the multifunction peripheral 1440 decrypts the saved/encrypted print job and starts printing.

This configuration is merely a conceptual diagram of a general configuration, and pluralities of computers and multifunction peripherals used by general users may be adopted. The multifunction peripheral is not always necessary, and single devices such as a scanner, printer, and FAX apparatus may be connected to a network.

FIG. 15 is a schematic block diagram showing an example of the configuration of the multifunction peripheral shown in FIG. 14. A CPU (Central Processing Unit) 1501 shown in FIG. 15 executes various functions and various processes (to be described later) according to the second embodiment together with a control unit 1505 by using a RAM (Random Access Memory) 1504 in accordance with a control program read out from a ROM (Read Only Memory) 1502 or hard disk 1503. The RAM 1504 stores various types of information such as the driving conditions and management data of respective units of the apparatus, and stores data necessary for operation.

A display unit 1506 displays various types of information such as the driving condition, apparatus state, and input information. An operation unit 1507 includes keys (e.g., a ten-key pad and start key) for inputting settings, instructions, and the like from the user, and a touch panel which is partially provided on the display unit 1506.

A communication control unit 1508 connects a network such as an intranet or the Internet, and executes transmission/reception of document data containing image data and control commands. A network control device 1509 connects a PSTN (Public Switched Telephone Network), and in originating or receiving a call, executes predetermined line control to connect or disconnect the line. Image data and control signals are modulated/demodulated by an internal modem device, and facsimile transmission/reception is executed via the network control device 1509.

A reading device 1510 reads image data by photoelectrically converting reflected light corresponding to an image of light which irradiates a document to be transmitted, copied, or saved. A printing device 1511 forms read or received image data or received print data as a permanent visible image on a print sheet, and outputs the print sheet.

An image storage unit 1512 temporarily stores read or received image data and received print data. The image storage unit 1512 may be ensured in the hard disk 1503 depending on the device or state.

An image processing unit 1513 performs various processes in accordance with a request. That is, the image processing unit 1513 compresses and encodes image data to be transmitted, or decompresses and decodes received image data. The image processing unit 1513 converts received print data into image data, or converts image data to be saved into a proper format or format designated by the user (e.g., PDF format). The image processing unit 1513 performs image correction processing in accordance with the optical response characteristic of the reading device 1510, variations in sensor, or the like, performs image processing such as scaling processing of an image input by the user from the operation unit 1507, or performs image optimization processing for image data that is suitable for the write characteristic of the printing device 1511 or the like.

An authentication processing unit 1514 performs print job authentication in addition to user authentication. A bus 1515 connects the CPU 1501, ROM 1502, hard disk 1503, RAM 1504, control unit 1505, display unit 1506, operation unit 1507, communication control unit 1508, reading device 1510, printing device 1511, image storage unit 1512, image processing unit 1513, and authentication processing unit 1514 to each other.

In this manner, the multifunction peripheral 1440 comprises a facsimilecommunication function of transmitting read image data, a transferfunction of transferring data to the document management server computer1430, a copying function of printing out read image data, areception/printing function of FAX-receiving received image data, and aprinting function of receiving and printing print data from the clientcomputer 1410 or 1420. The multifunction peripheral 1440 can be soconfigured as to be used as not only a copying apparatus but also afacsimile apparatus, printer, and scanner.

A storage medium control unit has a user authentication function of, when a magnetic card holding, e.g., a department number and password is inserted, reading out a preset department number and password from the ROM 1502 or hard disk 1503, performing authentication by the authentication processing unit 1514, and then implementing various functions.

Instead of using a magnetic card, the user may be prompted to input a department number and password from the operation unit 1507, and the authentication processing unit 1514 may authenticate the user.

In addition to an electrophotographic method, the printing device 1511 may employ another printing method such as an inkjet method, thermal head method, or dot impact method.

FIG. 16 is a schematic block diagram showing an example of the configuration of the client computer shown in FIG. 14. In FIG. 16, the client computer comprises a CPU 1601 which executes a program stored in a ROM 1602 or hard disk (HD) 1610 or supplied from a floppy® disk drive (FD) 1609. The CPU 1601 comprehensively controls devices connected to a system bus 1604.

Reference numeral 1603 denotes a RAM which functions as a main memory, work memory, and the like for the CPU 1601. Reference numeral 1608 denotes a keyboard controller (KBC) which controls instruction inputs from a keyboard (KB) 1612, pointing device (not shown), and the like. Reference numeral 1607 denotes a CRT controller (CRTC) which controls display on a CRT display (CRT) 1611. Reference numeral 1606 denotes a disk controller (DKC) which controls access to the hard disk (HD) 1610 and floppy® disk (FD) 1609 that store a boot program, various applications, edit files, user files, an installation program creating program, and the like. Reference numeral 1605 denotes a host interface (I/F) which exchanges data in two ways with a local printer, network printer, another network device, or another PC.

Processing when the client computer generates print data, encrypts the print data by common key encryption, and transmits the encrypted data to the multifunction peripheral (printing apparatus) will be explained.

FIG. 17 is a flowchart showing a series of processing procedures in the client computer. Print data is generated by the printer driver in the printing client computer in step S1701, and the generated print data is encrypted in step S1702. Encryption of print data is realized by various methods, and the second embodiment employs the common key method. A common key can also be generated by various methods, and for example, a random number is generated and used as a common key.

In step S1703, in order to enable a plurality of users to decrypt print data, a list of public keys for encrypting a common key is generated on the basis of the fact that a common key can be decrypted with private keys corresponding in number to public keys. A common key is encrypted because encryption of print data becomes insignificant when a common key necessary to decrypt print data is added as a plain text to a print job. If a plurality of users can decrypt a common key, this means that a plurality of users can decrypt print data.

Encryption of a common key is also realized by various methods, and the second embodiment employs the common key method. When a plurality of users can decrypt print data, for example, the administrator prints for an audit, and in addition, he asks his secretary to go for a printed material. In most cases, the user is quite unlikely to add an administrator's key to the list, and the key is preferably automatically added. The choice depends on practical use, and the key may not be automatically added. A public key may be acquired directly from an IC card, or via a certificate, certificate authority, or server, and any method can be adopted.

In step S1704, one public key is acquired from the list generated in step S1703, and the common key is encrypted. In step S1705, it is determined whether to encrypt the common key with another public key in order to enable decryption with a plurality of private keys. If the common key needs to be encrypted with another public key, the flow advances to step S1706 to acquire another public key, and returns to step S1704. If the common key need not be encrypted with another public key, the flow advances to step S1707 to calculate the hash value of the common key as data for confirming whether decryption has correctly been done on the receiving side.

In step S1708, one or more encrypted common keys and their hash values are added to the encrypted print data. In step S1709, the print data is transmitted to the printing apparatus.

Processing when the multifunction peripheral (printing apparatus) receives encrypted print data, common key, and a hash value from a client computer, decrypts print data by using the common key and hash value, and outputs the decrypted print data will be explained.

FIG. 18 is a flowchart showing a series of processing procedures in the printing apparatus. In step S1801, encrypted print data transmitted from the client computer is received and temporarily saved in the printing apparatus. In step S1802, an encrypted common key and its hash value are acquired as decryption information from the saved print data.

If a printing start instruction is issued in step S1803, the flow advances to step S1804 to decrypt the encrypted common key with a private key given at the start of printing. As an example of the printing start instruction, an IC card may be inserted into the printing apparatus.

More specifically, when the printing user inserts an IC card, the encrypted common key is decrypted with a private key held in the IC card. In particular, the latest IC card can perform decryption within it using a dedicated coprocessor, and thus is more secure without leaking any private key outside from the IC card.

In step S1805, the hash value of the decrypted common key is calculated and compared with the hash value acquired from the print data. If these hash values agree with each other in step S1806, it is determined that the common key has correctly been decrypted, and the flow advances to step S1807 to decrypt the print data with the decrypted common key. In step S1808, the decrypted print data is output.

If these hash values disagree with each other in step S1806, it is determined that the common key was not correctly decrypted, and the flow advances to step S1809 to check whether another encrypted common key is added to the print data. If another encrypted common key is added, the flow advances to step S1810 to decrypt the common key with the private key, and returns to step S1805. If no other encrypted common key is added, the flow advances to step S1811 and ends with an error because the transmitted/encrypted print data cannot be decrypted with the obtained private key.

FIG. 19 is a flowchart showing details of processing (S1703 in FIG. 17) of automatically adding an administrator's public key. In step S1901, it is checked whether settings which allow the administrator to print at any time have been made. Depending on practical use, confidentiality needs to be protected even by inhibiting an audit by the administrator. In such a case, settings which allow the administrator to print at any time have not been made, and the flow ends without automatically adding the administrator's public key to a public key list.

If settings which allow the administrator to print at any time have been made, the flow advances to step S1902 to acquire the administrator's public key.

In step S1903, it is determined whether the administrator's public key has correctly been acquired. If the administrator's public key has correctly been acquired, the flow advances to step S1904 to add the acquired administrator's public key to the public key list.

If no administrator's public key has been acquired, the flow advances to step S1905 to prepare a standard administrator's public key and add it to the public key list.

FIG. 20 is a view showing an example of the user interface of a printer driver which enables encryption printing. In FIG. 20, reference numeral 2001 denotes a check box, and when the user checks this check box, print data is encrypted. Reference numeral 2002 denotes a decryption enable user list. When an add button 2003 is clicked, a target user is added to the decryption enable user list 2002. When a delete button 2004 is clicked, a target user is deleted from the decryption enable user list 2002. Reference numeral 2005 denotes a list of currently held public keys to which a public key can be added on request.

An administrator 2006 of the decryption enable user list 2002 cannot be deleted with the delete button 2004.

FIG. 21 is a view showing an example of the user interface of a tool for generating an install set capable of installing a printer driver with an administrator's public key. By using this tool, the administrator generates in advance an install set for installing his public key, and distributes the install set to a general user. A general user installs a printer driver by using the distributed install set.

The install set may be provided in an execute form so as to install a printer driver when a general user activates the install set, or may be provided in another form.

In FIG. 21, reference numeral 2101 denotes a site of an original driver before an administrator's public key is embedded. The site can be changed by clicking a change button 2102. Reference numeral 2103 denotes a generation destination of a printer driver install set at which an administrator's public key is embedded. The generation destination can be changed by clicking a change button 2104. Reference numeral 2105 denotes a site of an administrator's public key to be added. The site can be changed by clicking a change button 2106. By clicking a button 2107, an install set to install a selected public key is generated.

By the above-described processing, encrypted print data can be decrypted with a plurality of keys, and especially with an administrator's key, and thereby the administrator can decrypt encrypted print data and print it out for an audit. A printer driver install set with an administrator's public key is generated, the printer driver is installed in each client, and print data which can be decrypted with the administrator's key can be easily generated.

The encryption module may be separated as a dedicated application from a printer driver. In this case, a printer driver install set means a dedicated application install set.

As described above, according to the second embodiment, an encrypted print job can be decrypted even with an administrator's IC card in addition to a user's IC card, and printed by the administrator for an audit. Particularly when a key for encrypting a print job is encrypted with a plurality of second keys and these second keys are added to the print job, encrypted keys are added by the number of second keys to only one encrypted print job. As a result, the data size of the encrypted print job becomes smaller than that of a print job which is encrypted with two keys.

Further, the second embodiment can provide a low-cost encryption printing environment using a conventional system environment or printing apparatus.

[Modification 1 to Second Embodiment]

In the second embodiment, an administrator's key is saved in a client computer, and the printer driver adds the saved administrator's key in encryption printing. However, an administrator's key need not be held in a client computer. For example, the management server computer 1430 shown in FIG. 14 may be defined as a special computer which saves an administrator's key, and the printer driver may acquire the key from the management server computer 1430 every encryption printing.

In this case, when an administrator's key is changed, a key in each client computer need not be changed.

[Modification 2 to Second Embodiment]

As an example of practical use, the administrator may decrypt encrypted print data and print it at any time for an audit. However, some users may not always transmit print data containing an administrator's key, sometimes maliciously.

To cope with this situation, a step of transmitting print data to a printing apparatus and confirming whether an administrator's key has been added is added to operation of the printing apparatus.

If print data containing no administrator's key is found, it is deleted. A log of contents that a job is canceled because no administrator's key has been added is preferably left in the print log or the like.

When a job is canceled, a client computer may be notified of a message to this effect, and the message may be displayed.

The notification may use a dedicated application or another method such as e-mail.

[Modification 3 to Second Embodiment]

An administrator's key is not always authentic, and a malicious user may add a different administrator's key.

To cope with this situation, a step of confirming the authenticity of an administrator's key within a printing apparatus is added to operation of the printing apparatus.

The authenticity of an administrator's key can be confirmed by any method: it is inquired of the certificate authority every encryption printing, or the key of a current administrator is saved in a printing apparatus and compared.

Note that if the administrator's key is unauthentic data, print data can be deleted. In this case, it is preferable to leave a log message, which indicates that the print job in question was canceled due to an unauthentic administrator's key.

When a job is canceled, a client computer may be notified of a message to this effect, and the message may be displayed.

The notification may use a dedicated application or another method such as e-mail.
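
The following sketch, added here as an illustration and not taken from the patent, walks through the client flow of FIG. 17, the printing apparatus flow of FIG. 18, and the administrator's-key check of Modifications 2 and 3. Assumptions: textbook RSA over fixed Mersenne primes and a SHAKE-256 XOR stream stand in for real public-key and common-key ciphers so that the code runs on the Python standard library alone, SHA-256 is chosen as the hash, and the role label and key fingerprint attached to each encrypted common key are hypothetical fields, since the text does not say how the printing apparatus recognises an administrator's key.

```python
import hashlib
import hmac
import secrets

E = 65537

def toy_keypair(a, b):
    """Textbook RSA over two well-known Mersenne primes: a stand-in, NOT secure."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def fingerprint(public_key):
    """Assumed identifier the printer uses to recognise a public key."""
    n, e = public_key
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()

def stream(key, data):
    """Stand-in common-key cipher: XOR with a SHAKE-256 keystream."""
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, pad))

def client_build_job(print_data, recipients):
    """FIG. 17. recipients is a list of (role, public_key); role is an assumed label."""
    common_key = secrets.token_bytes(32)              # S1702: random number as common key
    entries = []
    for role, (n, e) in recipients:                   # S1704-S1706: one wrap per public key
        wrapped = pow(int.from_bytes(common_key, "big"), e, n)
        entries.append((role, fingerprint((n, e)), wrapped))
    return {"keys": entries,                          # S1708: attach wrapped keys and hash
            "hash": hashlib.sha256(common_key).digest(),  # S1707: hash of the common key
            "body": stream(common_key, print_data)}

def printer_admit(job, saved_admin_pub, log):
    """Modifications 2 and 3: cancel jobs lacking the current administrator's key."""
    admin_fps = [fp for role, fp, _ in job["keys"] if role == "admin"]
    if not admin_fps:                                 # Modification 2: key missing
        log.append("job canceled: no administrator's key added")
        return False
    if fingerprint(saved_admin_pub) not in admin_fps:  # Modification 3: compare with saved key
        log.append("job canceled: unauthentic administrator's key")
        return False
    return True

def printer_decrypt(job, private_key):
    """FIG. 18: try each encrypted common key until its hash matches."""
    n, d = private_key
    for _role, _fp, wrapped in job["keys"]:           # S1804, S1809-S1810
        m = pow(wrapped, d, n)
        candidate = m.to_bytes(max(32, (m.bit_length() + 7) // 8), "big")
        digest = hashlib.sha256(candidate).digest()   # S1805
        if hmac.compare_digest(digest, job["hash"]):  # S1806
            return stream(candidate, job["body"])     # S1807-S1808
    raise PermissionError("print data cannot be decrypted with this private key")  # S1811

if __name__ == "__main__":
    user_pub, user_priv = toy_keypair(521, 607)       # constructed sample keys
    admin_pub, admin_priv = toy_keypair(1279, 2203)
    log = []
    job = client_build_job(b"constructed sample print data",
                           [("user", user_pub), ("admin", admin_pub)])
    print(printer_admit(job, admin_pub, log), printer_decrypt(job, admin_priv))
    bad = client_build_job(b"constructed sample print data", [("user", user_pub)])
    print(printer_admit(bad, admin_pub, log), log)
```

The admission check only compares the declared administrator's key with the one saved in the printing apparatus; it does not prove that the attached encrypted common key really decrypts with that key.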

The present invention may be applied to a system including a plurality of devices (e.g., a host computer, interface device, reader, and printer) or an apparatus (e.g., a copying machine or facsimile apparatus) formed by a single device.

The object of the present invention is also achieved when a recording medium which records software program codes for realizing the functions of the above-described embodiments is supplied to a system or apparatus, and the computer (or the CPU or MPU) of the system or apparatus reads out and executes the program codes stored in the recording medium.

In this case, the program codes read out from the recording medium realize the functions of the above-described embodiments, and the recording medium which records the program codes constitutes the present invention.

The recording medium for supplying the program codes includes a floppy® disk, hard disk, optical disk, magnetooptical disk, CD-ROM, CD-R, magnetic tape, nonvolatile memory card, and ROM.

The functions of the above-described embodiments are realized when the computer executes the readout program codes. Also, the functions of the above-described embodiments are realized when an OS (Operating System) or the like running on the computer performs some or all of actual processes on the basis of the instructions of the program codes.

Furthermore, the present invention includes a case in which, after the program codes read out from the recording medium are written in the memory of a function expansion board inserted into the computer or the memory of a function expansion unit connected to the computer, the CPU of the function expansion board or function expansion unit performs some or all of actual processes on the basis of the instructions of the program codes and thereby realizes the functions of the above-described embodiments.

The present invention can add an encryption function of encrypting print information without greatly changing an existing printing environment, and can prevent leakage of print information.

As many apparently widely different embodiments of the present invention can be made without departing from the spirit and scope thereof, it is to be understood that the invention is not limited to the specific embodiments thereof except as defined in the appended claims.

1-24. (canceled)
 25. An information processing apparatus comprising: a generation unit configured to generate print job data in accordance with a printing instruction from an application; a display unit configured to display a screen for designating whether or not to execute encryption processing of the print job data generated by the generation unit; an encryption processing unit configured to perform encryption processing of the print job data when execution of the encryption processing of the print job data is designated on the screen; and a control unit configured to transmit the print job data encrypted by the encryption processing unit to a printing apparatus, in a case where the execution of the encryption processing is designated via the screen displayed by the display unit and a designation to save the print job data in the printing apparatus is not made, and transmit the print job data not encrypted by the encryption processing unit to the printing apparatus, in a case where the execution of the encryption processing is not designated via the screen displayed by the display unit, wherein the control unit controls the apparatus such that two processes performed according to two designations are not executed simultaneously, the two designations being a designation to execute the encryption processing made via the screen displayed by the display unit and the designation to save the print job data in the printing apparatus.
 26. The apparatus according to claim 25, wherein the controlling by the control unit such that the two processes according to the two designations are not executed simultaneously comprising controlling the apparatus not to transmit the print job data to the printing apparatus.
 27. The apparatus according to claim 26, wherein the generation unit includes a printer driver installed in each printing apparatus, the encryption processing unit includes a plug-in module, and the plug-in module is installed on the basis of the printer driver.
 28. The apparatus according to claim 27, wherein the designation to save the print job data is detected by the plug-in module.
 29. The apparatus according to claim 28, wherein the plug-in module extracts print data contained in the print job data, encrypts the extracted print data, and adds, to the print job data, identification information indicating that the print job data has been encrypted.
 30. An information processing apparatus comprising: a generation unit configured to generate print job data in accordance with a printing instruction from an application; a display unit configured to display a screen for designating whether or not to execute encryption processing of the print job data generated by the generation unit; an encryption processing unit configured to perform encryption processing of the print job data when execution of the encryption processing of the print job data is designated on the screen; and a control unit configured to transmit the print job data encrypted by the encryption processing unit to a printing apparatus, in a case where the execution of the encryption processing is designated via the screen displayed by the display unit and a designation to save the print job data in the printing apparatus is not made, and transmit the print job data not encrypted by the encryption processing unit to the printing apparatus, in a case where the execution of the encryption processing is not designated via the screen displayed by the display unit, wherein the control unit controls the apparatus such that the print job data encrypted by the encryption processing unit is not saved in the printing apparatus.
 31. A method of controlling an information processing apparatus, the method comprising: generating print job data in accordance with a printing instruction from an application; displaying a screen for designating whether or not to execute encryption processing of the print job data generated in the generating step; performing encryption processing of the print job data when execution of the encryption processing of the print job data is designated on the screen; transmitting the print job data encrypted in the encryption processing step to a printing apparatus, in a case where the execution of the encryption processing is designated via the screen displayed in the displaying step and a designation to save the print job data in the printing apparatus is not made; and transmitting the print job data not encrypted in the encryption processing step to the printing apparatus, in a case where the execution of the encryption processing is not designated via the screen displayed in the displaying step, wherein, in the transmitting steps, two processes according to two designations are not executed simultaneously, the two designations being a designation to execute the encryption processing made via the screen displayed in the displaying step and the designation to save the print job data in the printing apparatus.
 32. The method according to claim 31, further comprising controlling the apparatus such that two processes according to the two designations are not executed simultaneously so as not to transmit the print job data to the printing apparatus.
 33. The method according to claim 32, wherein the generating step is executed by a printer driver installed in each printing apparatus, the encryption processing step is executed by a plug-in module, and the plug-in module is installed on the basis of the printer driver.
 34. The method according to claim 33, wherein the designation to save the print job data is detected by the plug-in module.
 35. The method according to claim 34, wherein the plug-in module extracts print data contained in the print job data, encrypts the extracted print data, and adds, to the print job data, identification information representing that the print job data has been encrypted.
 36. A program embodied in a non-transitory computer-readable storage medium, which causes a computer to execute a method of controlling an information processing apparatus, the method comprising: generating print job data in accordance with a printing instruction from an application; displaying a screen for designating whether or not to execute encryption processing of the print job data generated in the generating step; performing encryption processing of the print job data when execution of the encryption processing of the print job data is designated on the screen; transmitting the print job data encrypted in the encryption processing step to a printing apparatus, in a case where the execution of the encryption processing is designated via the screen displayed in the displaying step and a designation to save the print job data in the printing apparatus is not made; and transmitting the print job data not encrypted in the encryption processing step to the printing apparatus, in a case where the execution of the encryption processing is not designated via the screen displayed in the displaying step, wherein, in the transmitting steps, two processes according to two designations are not executed simultaneously, the two designations being a designation to execute the encryption processing made via the screen displayed in the displaying step and the designation to save the print job data in the printing apparatus. 